![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/admin/groups/class_groupGeneric.inc b/plugins/admin/groups/class_groupGeneric.inc
index 39008f756ffcc67080432c4623f6e7f5af69bedb..3f87a2a171c8efcf61131b01e7b2a466a7212117 100644 (file)
<?php
+
class group extends plugin
{
/* CLI vars */
var $members= array();
var $users= array();
var $allusers= array();
- var $department= "";
var $saved_gidNumber= "";
var $oldgroupType= "";
var $orig_dn= "";
+ var $orig_cn= "";
var $has_mailAccount= FALSE;
var $group_dialog= FALSE;
+ var $nagios_group =FALSE;
+ var $sambaGroupType;
+ var $dialog;
+ var $OnlyShowFirstEntries =200;
+
+ var $allowGroupsWithSameNameInOtherSubtrees = true;
/* attribute list for save action */
- var $attributes= array("cn", "description", "gidNumber");
+ var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID");
var $objectclasses= array("top", "posixGroup");
function group ($config, $dn= NULL)
/* Load attributes depending on the samba version */
$this->samba3= ($config->current['SAMBAVERSION'] == 3);
$this->orig_dn= $dn;
+ $this->orig_cn= $this->cn;
/* Get member list */
if (isset($this->attrs['memberUid'][0])){
} else {
$this->fon_group= TRUE;
}
+ if (array_search ('nagiosContactGroup', $this->attrs['objectClass']) == NULL ){
+ $this->nagios_group= FALSE;
+ } else {
+ $this->nagios_group= TRUE;
+ }
}
/* Set mail flag */
$this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
$ldap= $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
- $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))");
+ $ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
if ($ldap->count() != 0){
$attrs= $ldap->fetch();
$this->ridBase= $attrs['sambaAlgorithmicRidBase'][0];
}
$gufilter= get_global('gufilter');
+ $gufilter['SubSearchGroup'] = false;
+ $gufilter['dselect'] = $_SESSION['gufilter']['dselect'];
+
+ register_global('gufilter',$gufilter);
+
+ if ($this->dn == "new"){
+ if(isset($_SESSION['CurrentMainBase'])){
+ $this->base= $_SESSION['CurrentMainBase'];
+ }else{
+ $ui= get_userinfo();
+ $this->base= dn2base($ui->dn);
+ }
+ } else {
+ $this->base= preg_replace ("/^[^,]+,[^,]+,/", "", $this->dn);
+ }
+
/* This is always an account */
$this->is_account= TRUE;
$this->reload();
function execute()
{
- /* Do we represent a valid group? */
+ /* Call parent execute */
+ plugin::execute();
+
+ /* Do we represent a valid group? */
if (!$this->is_account && $this->parent == NULL){
$display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
_("This 'dn' is no group.")."</b>";
$this->reload();
}
- /* Assign templating stuff */
+ /* Base select dialog */
+ $once = true;
+ foreach($_POST as $name => $value){
+ if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){
+
+ $once = false;
+ $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
+ $this->dialog->setCurrentBase($this->base);
+ }
+ }
+
+ /* Dialog handling */
+ if(is_object($this->dialog)){
+ /* Must be called before save_object */
+ $this->dialog->save_object();
+
+ if($this->dialog->isClosed()){
+ $this->dialog = false;
+ }elseif($this->dialog->isSelected()){
+ if($this->acl_is_moveable()){
+ $this->base = $this->dialog->isSelected();
+ }
+ $this->dialog= false;
+ }else{
+ return($this->dialog->execute());
+ }
+ }
+
+ /* Assign templating stuff */
$smarty= get_smarty();
if ($this->samba3){
$smarty->assign("samba3", "true");
$smarty->assign("samba3", "");
}
+ if(search_config($this->config->data['MENU'], "nagiosaccount", "CLASS")){
+ $smarty->assign("nagios",true);
+ }else{
+ $smarty->assign("nagios",false);
+ }
+
+ if(search_config($this->config->data['MENU'], "phoneAccount", "CLASS")){
+ $smarty->assign("pickupGroup",true);
+ }else{
+ $smarty->assign("pickupGroup",false);
+ }
+
+ /* Assign base ACL */
+ $baseACL = $this->getacl("base");
+ if(!$this->acl_is_moveable()) {
+ $baseACL = preg_replace("/w/","",$baseACL);
+ }
+ $smarty->assign("baseACL", $baseACL);
+
/* Manage object add dialog */
if ($this->group_dialog){
$gufilter[$type]= $_POST[$type];
}
}
+ if(isset($_POST['regex'])){
+ if(isset($_POST['SubSearchGroup'])){
+ $gufilter['SubSearchGroup'] = true;
+ }else{
+ $gufilter['SubSearchGroup'] = false;
+ }
+ }
+
if (isset($_GET['search'])){
$s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
if ($s == "**"){
}
$gufilter['regex']= $s;
}
- $regex= preg_replace('/[*]/', ".*", $gufilter['regex']);
register_global("gufilter", $gufilter);
$this->reload();
$smarty->assign("search_image", get_template_path('images/search.png'));
$smarty->assign("launchimage", get_template_path('images/small_filter.png'));
$smarty->assign("tree_image", get_template_path('images/tree.png'));
- $smarty->assign("deplist", $this->config->idepartments);
+
+ $smarty->assign("deplist", $this->get_allowed_bases("users/user"));
$smarty->assign("alphabet", generate_alphabet());
- foreach( array("dselect", "regex") as $type){
+ foreach( array("dselect", "regex","SubSearchGroup") as $type){
$smarty->assign("$type", $gufilter[$type]);
}
$smarty->assign("hint", print_sizelimit_warning());
-
- $users= array();
- foreach ($this->allusers as $key => $value){
- if (!array_key_exists($key, $this->members)){
- if (preg_match("/^$regex/i", $key)){
- $users[$key]= $value;
- }
- }
- }
- $smarty->assign("users", $users);
+ $smarty->assign("users", $this->displayUsers);
$smarty->assign("apply", apply_filter());
$display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
return ($display);
/* Bases / Departments */
if (isset($_POST['base'])){
$this->base= $_POST['base'];
- } else {
- if ($this->dn == "new"){
- $ui= get_userinfo();
- $this->base= dn2base($ui->dn);
- } else {
- $this->base= preg_replace ("/^[^,]+,[^,]+,/", "", $this->dn);
- }
}
- $smarty->assign("bases", $this->config->idepartments);
+ $smarty->assign("bases", $this->get_allowed_bases());
$smarty->assign("base_select", $this->base);
- $smarty->assign("department", $this->department);
if ($this->samba3){
$domains= array();
}
if ($this->force_gid != "1"){
$smarty->assign("forceMode", "disabled");
+ }else{
+ $smarty->assign("forceMode", "");
}
- $smarty->assign("force_gidACL", chkacl($this->acl, "gidNumber"));
- $smarty->assign("sambaDomainNameACL", chkacl($this->acl, "sambaDomainName"));
if ($this->fon_group){
$smarty->assign("fon_group", "checked");
} else {
$smarty->assign("fon_group", "");
}
- $smarty->assign("fon_groupACL", chkacl($this->acl, "fon_group"));
+
+ if ($this->nagios_group){
+ $smarty->assign("nagios_group", "checked");
+ } else {
+ $smarty->assign("nagios_group", "");
+ }
/* Fields */
foreach (array("cn", "description", "gidNumber") as $val){
$smarty->assign("$val", $this->$val);
- $smarty->assign("$val"."ACL", chkacl($this->acl, "$val"));
}
- /* Missing ACL's */
- foreach (array("base", "smbgroup", "members") as $val){
- $smarty->assign("$val"."ACL", chkacl($this->acl, "$val"));
+ $tmp = $this->plInfo();
+ foreach($tmp['plProvidedAcls'] as $name => $translation){
+ $smarty->assign($name."ACL",$this->getacl($name));
+ }
+
+ if($this->acl_is_writeable("base")){
+ $smarty->assign("baseSelect",true);
+ }else{
+ $smarty->assign("baseSelect",false);
}
/* Show main page */
/* Reload data */
function reload()
{
- /* Generate userlists */
- $this->last_sorting= "invalid";
- $this->users= array();
+ /* Fix regex string */
+ $gufilter = get_global("gufilter");
+ $regex = normalizeLdap($gufilter['regex']);
+ $MaxUser = $this->OnlyShowFirstEntries;
+
+ /* Prepare ldap link */
$ldap= $this->config->get_ldap_link();
- $gufilter= get_global("gufilter");
- $ldap->cd ($gufilter['dselect']);
- $ldap->search ("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$)))");
- natcasesort ($this->users);
- reset ($this->users);
-
- $ldap->cd ($gufilter['dselect']);
- $ldap->search ("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$)))");
- $this->allusers= array();
- while ($attrs= $ldap->fetch()){
- if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
- $this->allusers[$attrs["uid"][0]]= $attrs["sn"][0].", ".
- $attrs["givenName"][0].
- " [".$attrs["uid"][0]."]";
- } else {
- $this->allusers[$attrs["uid"][0]]= $attrs['uid'][0];
+ $ldap->cd($gufilter['dselect']);
+
+
+ /* Resolve still unresolved memberuids to fill the list with sn/giveName attributes
+ (Store gathered sn/givenName informations in $this->allusers too,
+ to be prepared when adding/deleting users)
+ */
+ $filter = "";
+ foreach ($this->memberUid as $value){
+ if(!isset($this->members[$value])){
+ $filter .= "(uid=".normalizeLdap($value).")";
}
}
- natcasesort ($this->allusers);
- reset ($this->allusers);
-
- /* Fill memberlist */
- $this->members= array();
+ if(!empty($filter)){
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("uid","sn","givenName"));
+ while($attrs = $ldap->fetch()){
+ $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
+ $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
+ }
+ }
+
+ /* check if all uids are resolved */
foreach ($this->memberUid as $value){
- if (isset($this->allusers[$value])){
- $this->members[$value]= $this->allusers[$value];
- } else {
- $this->members[$value]= "[$value]";
+ if(!isset($this->members[$value])){
+ $this->members[$value] = _("! unknown id")." [".$value."]";
+ }
+ }
+
+ /* Create display list of users matching regex & filter
+ */
+ $this->displayUsers = array();
+ $filter = "(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$))(|(uid=".$regex.")(sn=".$regex.")(givenName=".$regex.")))";
+
+ /* Search in current tree or within subtrees depending on the checkbox from filter section */
+ if($gufilter['SubSearchGroup']){
+ $flag = GL_SIZELIMIT | GL_SUBSEARCH;
+ $base = $gufilter['dselect'];
+ }else{
+ $flag = GL_SIZELIMIT ;
+ $base = get_people_ou().$gufilter['dselect'];
+ }
+ $i = 0;
+
+
+ $res = get_list($filter,"users",$base,array("uid", "sn", "givenName"),$flag);
+
+ /* Fetch all users and skip already used users */
+ foreach($res as $attrs){
+ if(in_array($attrs['uid'][0], $this->memberUid)) {
+ continue;
}
+ $i ++;
+ if($i > $MaxUser) {
+ break;
+ }
+ $this->allusers[$attrs['uid'][0]] = $this->createResultName($attrs);
+ $this->displayUsers[$attrs['uid'][0]] = $this->createResultName($attrs);
+ }
+
+ /* If more than max users are found, display a message to warn the user */
+ if(($i == $MaxUser)){
+ print_red(sprintf(_("Your search method returned more than '%s' users, only '%s' users are shown.") , $MaxUser,$MaxUser));
}
- asort($this->members);
+
+ /* Sort lists */
+ natcasesort($this->members);
reset($this->members);
+ natcasesort ($this->displayUsers);
+ reset ($this->displayUsers);
}
+ /* Create display name, this was used so often that it is excluded into a seperate function */
+ function createResultName($attrs)
+ {
+ if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
+ $ret = $attrs["sn"][0].", ".$attrs["givenName"][0]." [".$attrs["uid"][0]."]";
+ } else {
+ $ret= $attrs['uid'][0];
+ }
+ return($ret);
+ }
+
function remove_from_parent()
{
$ldap= $this->config->get_ldap_link();
$ldap->rmdir($this->dn);
- show_ldap_error($ldap->get_error());
+ show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn));
/* Delete references to object groups */
$ldap->cd ($this->config->current['BASE']);
{
/* Save additional values for possible next step */
if (isset($_POST['groupedit'])){
+
plugin::save_object();
$this->force_gid= 0;
- $this->smbgroup= 0;
- foreach (array("force_gid", "department", "base", "smbgroup") as $val) {
- if (chkacl ($this->acl, "$val") == "" && isset($_POST["$val"])){
+
+
+ /* Only reset sambagroup flag if we are able to write this flag */
+ if($this->acl_is_writeable("sambaGroupType")){
+ $this->smbgroup = 0;
+ }
+
+ /* Get base selection */
+ if($this->acl_is_moveable() && isset($_POST['base'])){
+ $this->base = $_POST['base'];
+ }
+
+ foreach (array(
+ "force_gid" => "gidNumber",
+ "smbgroup" => "sambaGroupType") as $val => $aclname) {
+ if ($this->acl_is_writeable($aclname) && isset($_POST["$val"])){
$this->$val= $_POST["$val"];
}
}
/* Save sambaDomain attribute */
- if (chkacl ($this->acl, "sambaDomainName") == "" && $this->samba3 &&
- isset ($_POST['sambaDomainName'])){
-
+ if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
$this->sambaDomainName= $_POST['sambaDomainName'];
$this->groupType= $_POST['groupType'];
}
/* Save fon attribute */
- if (chkacl ($this->acl, "fon_group") == ""){
+ if ($this->acl_is_writeable("fon_group")){
if (isset ($_POST['fon_group'])){
$this->fon_group= TRUE;
} else {
$this->fon_group= FALSE;
}
}
-
+ if ($this->acl_is_writeable("nagios_group")){
+ if (isset ($_POST['nagios_group'])){
+ $this->nagios_group= TRUE;
+ } else {
+ $this->nagios_group= FALSE;
+ }
+ }
}
}
/* Save to LDAP */
function save()
{
+
/* ID handling */
if ($this->force_gid == 0){
if ($this->saved_gidNumber != ""){
$this->gidNumber= $this->get_next_id("gidNumber");
}
}
-
+
plugin::save();
/* Remove objectClass for samba/phone support */
for ($i= 0; $i<count($this->attrs["objectClass"]); $i++){
if ($this->attrs['objectClass'][$i] != 'sambaGroupMapping' &&
$this->attrs['objectClass'][$i] != 'sambaIdmapEntry' &&
- $this->attrs['objectClass'][$i] != 'goFonPickupGroup'){
+ $this->attrs['objectClass'][$i] != 'goFonPickupGroup' &&
+ $this->attrs['objectClass'][$i] != 'nagiosContactGroup'){
$tmp[]= $this->attrs['objectClass'][$i];
}
}
/* Add samba group functionality */
if ($this->samba3 && $this->smbgroup){
- $this->SID= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
- $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
+
+ /* Fixed undefined index ...
+ */
+ $this->SID = $this->ridBase = "";
+ if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'])){
+ $this->SID = $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['SID'];
+ }else{
+ print_red(sprintf(_("No configured SID found for '%s'."),$this->sambaDomainName));
+ }
+ if(isset($this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'])){
+ $this->ridBase= $this->config->data['SERVERS']['SAMBA'][$this->sambaDomainName]['RIDBASE'];
+ }else{
+ print_red(sprintf(_("No configured RIDBASE found for '%s'."),$this->sambaDomainName));
+ }
$this->attrs['objectClass'][]= 'sambaGroupMapping';
$this->attrs['sambaGroupType']= "2";
while(TRUE){
$sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
$ldap->cd($this->config->current['BASE']);
- $ldap->search("(sambaSID=$sid)");
+ $ldap->search("(sambaSID=$sid)",array("sambaSID"));
if ($ldap->count() == 0){
break;
}
$this->attrs['objectClass'][]= "goFonPickupGroup";
}
+ /* Add nagios functionality */
+ if ($this->nagios_group){
+ $this->attrs['objectClass'][]= "nagiosContactGroup";
+ }
+
/* Take members array */
if (count ($this->memberUid)){
$this->attrs['memberUid']= array_unique($this->memberUid);
/* Save data. Using 'modify' implies that the entry is already present, use 'add' for
new entries. So do a check first... */
- $ldap->cat ($this->dn);
+ $ldap->cat ($this->dn, array('dn'));
if ($ldap->fetch()){
/* Modify needs array() to remove values :-( */
if (!count ($this->memberUid)){
/* Write back to ldap */
$ldap->cd($this->dn);
+ $this->cleanup();
$ldap->$mode($this->attrs);
$ret= 0;
- if (show_ldap_error($ldap->get_error())){
+ if ( show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn))){
$ret= 1;
}
function check()
{
- $message= array();
+ /* Call common method to give check the hook */
+ $message= plugin::check();
/* Permissions for that base? */
if ($this->base != ""){
$new_dn= $this->dn;
}
- $ui= get_userinfo();
- $acl= get_permissions ($new_dn, $ui->subtreeACL);
- $acl= get_module_permission($acl, "group", $new_dn);
- if (chkacl($acl, "create") != ""){
+ if ($this->orig_dn == "new" && !$this->acl_is_createable()){
$message[]= _("You have no permissions to create a group on this 'Base'.");
}
/* must: cn */
- if ($this->cn == "" && chkacl ($this->acl, "cn") == ""){
+ if ($this->cn == "" && $this->acl_is_writeable("cn")){
$message[]= "The required field 'Name' is not set.";
}
$message[]= _("The field 'Name' contains invalid characters. Lowercase, numbers and dashes are allowed.");
}
- /* Check for used 'cn' */
- $ldap= $this->config->get_ldap_link();
- $ldap->cd($this->config->current['BASE']);
- $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))");
- if ($ldap->count() != 0){
-
- /* New entry? */
- if ($this->dn == 'new'){
- $message[]= _("Value specified as 'Name' is already used.");
- }
-
- /* Moved? */
- elseif ($new_dn != $this->orig_dn){
- $ldap->fetch();
- if ($ldap->getDN() != $this->orig_dn){
+ if($this->allowGroupsWithSameNameInOtherSubtrees == true){
+
+ /* Check for used 'cn' */
+ $ldap= $this->config->get_ldap_link();
+ if(($this->cn != $this->orig_cn) || ($this->orig_dn == "new")){
+ $ldap->cd("ou=groups,".$this->base);
+ $ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn"));
+ if ($ldap->count() != 0){
$message[]= _("Value specified as 'Name' is already used.");
}
}
- }
+ }else{
+
+ /* Check for used 'cn' */
+ $ldap= $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn"));
+ if ($ldap->count() != 0){
+
+ /* New entry? */
+ if ($this->dn == 'new'){
+ $message[]= _("Value specified as 'Name' is already used.");
+ }
+
+ /* Moved? */
+ elseif ($new_dn != $this->orig_dn){
+ $ldap->fetch();
+ if ($ldap->getDN() != $this->orig_dn){
+ $message[]= _("Value specified as 'Name' is already used.");
+ }
+ }
+ }
+ }
+
/* Check ID */
if ($this->force_gid == "1"){
if (!is_id($this->gidNumber)){
$ldap= $this->config->get_ldap_link();
$ldap->cd ($this->config->current['BASE']);
- $ldap->search ("($attrib=*)");
+ if (preg_match('/gidNumber/i', $attrib)){
+ $oc= "posixGroup";
+ } else {
+ $oc= "posixAccount";
+ }
+ $ldap->search ("(&(objectClass=$oc)($attrib=*))", array("$attrib"));
/* Get list of ids */
while ($attrs= $ldap->fetch()){
}
}
+ function getCopyDialog()
+ {
+ $vars = array("cn");
+
+ if($this ->force_gid){
+ $used = " checked ";
+ $dis = "";
+ }else{
+ $used = "";
+ $dis = " disabled ";
+ }
+
+ $smarty = get_smarty();
+ $smarty->assign("used",$used);
+ $smarty->assign("dis" ,$dis);
+ $smarty->assign("cn" ,$this->cn);
+ $smarty->assign("gidNumber",$this->gidNumber);
+ $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
+ $ret = array();
+ $ret['string'] = $str;
+ $ret['status'] = "";
+ return($ret);
+ }
+
+ function saveCopyDialog()
+ {
+ if(isset($_POST['cn'])){
+ $this->cn = $_POST['cn'];
+ }
+ if(isset($_POST['force_gid'])){
+ $this->force_gid = 1;
+ $this->gidNumber= $_POST['gidNumber'];
+ }else{
+ $this->force_gid = 0;
+ $this->gidNumber = false;
+ }
+ }
+
+
+ /* Return plugin informations for acl handling */
+ function plInfo()
+ {
+ return (array(
+ "plShortName" => _("Generic"),
+ "plDescription" => _("Generic group settings"),
+ "plSelfModify" => FALSE,
+ "plDepends" => array(),
+ "plPriority" => 0,
+ "plSection" => array("admin"),
+ "plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))),
+
+ "plProvidedAcls" => array(
+ "cn" => _("Name"),
+ "base" => _("Base"),
+ "description" => _("Description"),
+
+ "fonGroup" => _("Phone pickup group"),
+ "nagiosGroup" => _("Nagios group"),
+
+ "gidNumber" => _("GID"),
+ "memberUid" => _("Group member"),
+ "sambaGroupType" => _("Samba group type"),
+ "sambaDomainName" => _("Samba domain name"),
+ "sambaSID" => _("Samba SID"))
+ ));
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: